Post on 05-Oct-2020
#PIWorld ©2020 OSIsoft, LLC
Security for Critical OperationsBryan Owen PE
OSIsoft – Security Architect
1
#PIWorld ©2020 OSIsoft, LLC
About.me
Recent activities• 2020 SANS Michael J. Assante ICS Security Lifetime Achievement Award• 2020 CISA Control Systems Interagency Working Group• 2019 NERC GridSecCon Supply Chain Threat Vector• 2019 PIWorld What you need to know about the PI System, DERS and Cybersecurity• 2019 NSA Operational Technology and Cybersecurity• 2019 S4 OnRamp ICS and the Cloud
#PIWorld ©2020 OSIsoft, LLC
About.us
Major PI System security milestones• 2020 PI System Security Hardening• 2017 Read only PI Connectors and Interfaces • 2015 Transport Security using Windows Integrated Security• 2012 PI Vision with application server design pattern• 2009 PI Server with Windows Integrated Security• 2006 PI Interface Node Security Hardening
#PIWorld ©2020 OSIsoft, LLC
Agenda• Critical Operations• Advice from cyber experts• Destructive malware trends• Customer experiences• Evolution of OSIsoft guidance• What to expect from OSIsoft in 2020• Suggested PI World talks• Call to Action
#PIWorld ©2020 OSIsoft, LLC 5
Our Mission: Make Operations Data an Asset Everyone Can Use in Real Time
Process Engineer“Can we increase the overall yield?”
Production Manager“What is the forecast of productivity?”
Reporting Analyst“I need to combine 3 data sources into 1 report.”
Control Room Tech“The process is like a baby –you have to watch it.”
Data Scientist“Can we find new savings with machine learning?”
Maintenance Engineer“I need to know the moment it goes out of tune.”
#PIWorld ©2020 OSIsoft, LLC 6
80%of the top
companies globally
1000+utilities
worldwide
8of the global
Fortune top 10
companies
Oil & Gas
Power &Utilities
Metals &Mining
Pharma &Life Science
Chemicals Pulp & Paper
24of the top 25
pharmaceutical companies
9of the top 10
chemical companies rely on the PI System
145M metric tons per year of production monitored
OSIsoft Leads the Market in Critical Operations
#PIWorld ©2020 OSIsoft, LLC
Architectural Concept: Dedicated Data Infrastructure
Environmental Systems
Plant DCS
Transmission & Distribution SCADA
PLCs
Other critical operations systems Security Perimeter
Critical Systems
Reduce the risks on critical systems
Infrastructure
#PIWorld ©2020 OSIsoft, LLC
Architectural Concept: Dedicated Data Infrastructure
Environmental Systems
Plant DCS
Transmission & Distribution SCADA
PLCs
Other critical operations systems Security Perimeter
Limit direct access to critical systems while expanding the use of information.
Critical Systems
Reduce the risks on critical systems
Infrastructure
#PIWorld ©2020 OSIsoft, LLC
Architectural Concept: Dedicated Data Infrastructure
Environmental Systems
Plant DCS
Transmission & Distribution SCADA
PLCs
Other critical operations systems Security Perimeter
Limit direct access to critical systems while expanding the use of information.
Critical Systems
Reduce the risks on critical systems
Infrastructure
#PIWorld ©2020 OSIsoft, LLC
Can we operate while
compromised?
Is it asystem ofrecord?
Is itsecure,stable &agile?
Is thesystem always
available?
Am I collectingall of the
data?
10
Critical Operations Mindset
#PIWorld ©2020 OSIsoft, LLC
Can we operate while
compromised?
Is it asystem ofrecord?
Is itsecure,stable &agile?
Is thesystem always
available?
11
Critical Operations Mindset
#PIWorld ©2020 OSIsoft, LLC
Can we operate while
compromised?
Is it asystem ofrecord?
Is itsecure,stable &agile?
12
Critical Operations Mindset
#PIWorld ©2020 OSIsoft, LLC
Can we operate while
compromised?
Is it asystem ofrecord?
13
Critical Operations Mindset
#PIWorld ©2020 OSIsoft, LLC
Can we operate while
compromised?
14
Critical Operations Mindset
#PIWorld ©2020 OSIsoft, LLC
“If you really want to protect your network…you have to know your network.”
#PIWorld ©2020 OSIsoft, LLC 16
‘we must reengineer selected last-mile and endpoint elements of the grid’
#PIWorld ©2020 OSIsoft, LLC17
#PIWorld ©2020 OSIsoft, LLC
Trends in DoS attacks affecting critical operations
18
1998 2003 … 2007 … 2012 … 2016 … 2019
DDoS on Estonia
DDoS on US Banking
Mirai DDoS on DNS
DDoS on Cisco ASASQL Slammer
Ping of Death
24/7 availability is a top concern for critical operations
Urgent/11
#PIWorld ©2020 OSIsoft, LLC
The scope and scale of destructive malware affecting our industrial community is escalating
19
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Shamoon
TriSIS
RATKillDisk
CrashOverride
NotPetyaCryptoworm
WannaCryCryptoworm
LockerGogaRansomware
Stuxnet
2020
RyukRansomware
#PIWorld ©2020 OSIsoft, LLC
Stuxnet brought ‘cyber war’ into the open…
Shamoon was the industry ‘eye-opener’
20
#PIWorld ©2020 OSIsoft, LLC 21
$870,000,000 Pharmaceutical company Merck
$400,000,000 Delivery company FedEx (through European subsidiary TNT Express)
$384,000,000 French construction company Saint-Gobain
$300,000,000 Danish shipping company Maersk
$188,000,000 Snack company Mondelēz (parent company of Nabisco and Cadbury)
$129,000,000 British manufacturer Reckitt Benckiser (owner of Lysol and Durex condoms)
#PIWorld ©2020 OSIsoft, LLC 22
‘The makeshift solution was for a team at the company’s headquarters in California, to print out the paperwork and fly it over to the island.’
#PIWorld ©2020 OSIsoft, LLC
Lessons Learned
No matter how much you plan,no matter how much you train andno matter how many contingency plans you have,
You will be surprised.
23
Inger Sethov - Head of Communication & Public Affairs
#PIWorld ©2020 OSIsoft, LLC 24
1. Transparency daily webcasts and social media posts to keep business partners and the media informed – even control room visits
2. Don’t pay the ransom rebuild infrastructure to be safe and be sure that the attacker is not still part of it – don’t feed the hackers
3. Cloud services workers were still able to communicate via smartphones and tablets even without company computers
4. Empowered people virtually all production back up to 100% normal, despite operating in manual mode – ‘cyber heroes’
Microsoft Transformhttps://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/
#PIWorld ©2020 OSIsoft, LLC 25
Tips so you can be a‘cyber hero’
with the PI System.
#PIWorld ©2020 OSIsoft, LLC 26
#PIWorld ©2020 OSIsoft, LLC 27
Know your PI System disconnect points
#PIWorld ©2020 OSIsoft, LLC
Make use of PI System security barriers
28
#PIWorld ©2020 OSIsoft, LLC
Edge Data Store is more than data collection
29
Reengineered for ‘the last mile’ edgeData queues Local access with a restful API
e.g. display critical operations data while disconnected
#PIWorld ©2020 OSIsoft, LLC30
Use the ‘3-2-1 rule’ for critical operations data
•Three backups of your data•Two different storage types•One offsite backup – cloud!
PI SystemHigh AvailabilityDeliver
Manage/Enhance
Collect
#PIWorld ©2020 OSIsoft, LLC
Cloud enablement to enhance security
31
Modern authentication Across organizational boundaries
Reduces third party access to corporate networkAdds another option to access
critical data streams (e.g. BYOD during a crisis)
#PIWorld ©2020 OSIsoft, LLC
Recommended PI World talks and labs
• PI World 2020• Migrating from PI ProcessBook to PI Vision• Flexible Connectivity Strategies for OCS and the PI System• Making PI Data Ingress cOMFortable with PI Web API
• PI World Encores• Security and Hardening Your PI System• OSIsoft Cloud Services Security• Using the System Connector to Build a Strong Security Posture
32
#PIWorld ©2020 OSIsoft, LLC
CHALLENGES SOLUTION BENEFITS
We live in an industrial world.Going after industrial security, and doing it well, is worth doing.
Robert Lee CEO Dragos, Inc (OSIsoft security partner)
Enhance your security measures to combat cyber crime
Cyber risk reduction investment priorities
Increase security without slowing down digital transformation
Capability to operate while compromised
Create awareness of losses and impact to critical operations
Enable your people and security barriers built into the PI System
Know what systems can be trusted for response and recovery
Avoid significant losses and recovery costs (in the hundreds of millions!)
33
#PIWorld ©2020 OSIsoft, LLC
Contact
34
• Bryan Owen PE• Security Architect• OSIsoft• bryan@osisoft.com
#PIWorld ©2020 OSIsoft, LLC 35
Questions?
Please wait for the microphone
State your name & company
Save the Date...
DOWNLOAD THE MOBILE APP
#PIWorld ©2020 OSIsoft, LLC